Welcome on the homepage of the chair "Internet Technologies and Systems" of Prof. Dr. Christoph Meinel and his team. We like to inform you about our teaching and ongoing research activities in security, knowledge engineering, innovation and design thinking research.

The chair of Prof. Dr. Christoph Meinel offers courses in the following disciplines: Internet and Web Technologies, (Discrete) Mathematics and Logic, IT Security and Internet Security, Complexity Theory and Information Security as well as Design Thinking.

The research of the team of Prof. Dr. Christoph Meinel in the field of knowledge management and engineering focus on the challenging question, how to manage the mass of digital data, so-called "big data", from Internet and other sources in order to generate new knowledge.

Towards Vulnerability Assessment as a Service in OpenStack Clouds

Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.